Need unblock IP

Hello.

I’m running cert-manager on our Kubernetes cluster which requests for a LE cert every time a new feature branch is created.

Unfortunately it appears that cert-manager keeps re-requesting and it hit some kind of IP block.

Now I see the following error when logs cert-manager.

E0723 11:37:24.651125 1 controller.go:147] clusterissuers controller: Re-queuing item "letsencrypt" due to error processing: 403 urn:ietf:params:acme:error:rateLimited: Your IP, 82.x, has been blocked due to ridiculously excessive traffic. Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org
In some projects, the request for certificates was incorrectly configured, and because of this, huge traffic was generated.
I fixed it, and would like my IP to be unblocked.

Thanks!

Not very comfortable sharing the actual ip here.
In a similar topic, I found a mail on which I can send an IP, So I sent a request to it

cpu@letsencrypt.org

Hi @mastanggt,

What version of cert-manager are you running right now?

@cpu
In this project - quay.io/jetstack/cert-manager-controller:v0.2.3
Soon we plan to upgrade to 0.3.0

Hi @mastanggt,

We can not unblock your IP until you've upgraded to the 0.3.x release series. Otherwise you'll be missing the bug fixes that addressed the cause of the abusive traffic and will get blocked again.

When you upgrade make sure to go directly to v0.3.2. I believe 0.3.0 is missing support for the "ready" ACME order status and won't work.

When you've completed the upgrade to 0.3.2 let me know and I will begin processing the IP unblock.

Thanks!

Okay, we have several applications working closely with cert-manager, within a week we will see the changes and we will experiment with the new version.
After I’ll write to you again :slight_smile:
Thank you :slight_smile:

1 Like

Great, thanks @mastanggt. Apologies for the inconvenience.

You should be able to access the staging environment to test with.

I look forward to hearing from you soon,

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.